Visit Jeremy's Blog.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 03-21-2013, 12:57 PM   #1
Registered: Aug 2003
Location: Europe
Distribution: RHEL 7.x, 6.x, Fedora 20, Kubuntu 12.04
Posts: 322

Rep: Reputation: 17
sshd using pam


On RHEL 6.3 I would like to configure sshd to use pam where i've configured pam_tally2 for maximum password attempts. pam_tally2 works with sudo and su but not with sshd so that a failed ssh login will increment the failedlogin tally.

/etc/pam.d/sshd includes /etc/pam.d/password-auth

In /etc/ssh/sshd_config I have the following configuration.

UsePAM yes
ChallengeResponseAuthentication no
PasswordAuthentication yes
I understand that PasswordAuthentication should be disabled, and this forces sshd to use PAM authentication, however for me, this is not the case because all authenitcation fails and I can't login at all.

Last edited by dazdaz; 03-21-2013 at 01:10 PM.
Old 03-21-2013, 01:22 PM   #2
Registered: Jun 2011
Distribution: redhat, CentOS, OpenBSD
Posts: 298

Rep: Reputation: 96
I just use the line
 auth        required      /lib64/security/ per_user deny=3
in the /etc/pam.d/system-auth file. This locks out a user after 3 failed attempts of any kind.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Want to use pam-config for sshd and some other pingu Linux - Security 2 04-05-2012 02:53 PM
Problem in using PAM-TACACS+ with sshd Bandlaraj Linux - Software 0 08-20-2009 08:32 AM
pam.d/sshd config for passwd expiration ssy68 Linux - Newbie 3 03-26-2008 10:56 AM
pam or sshd ignoring max retries; 8 > 3 antieagles Linux - Security 0 09-29-2004 12:45 PM
PAM and sshd, major problems KneeLess *BSD 0 06-06-2004 02:00 PM

All times are GMT -5. The time now is 05:49 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration